BlackDuck Hub Connector

 
BlackDuck software composition analysis (SCA) solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
To import your data from Black Duck to the Application Security Module you will need to use the BlackDuck Connector under the Open Source section of the Cisco Vulnerability Management UI. There are two different BlackDuck Connectors: the API Connector and the JSON Connector. To learn about the differences between API and File-based connectors, see the help page here.

Cisco recommends the Black Duck Hub API Connector for ease of use. The connector is a full-run connector and does not currently support incremental runs. The two connectors function similarly; however, the JSON connector is a file-based connector, meaning it will not automatically pull information from BlackDuck.

Prerequisites

  • If your BlackDuck deployment is on-premises, you will need one of the following:

    • Virtual Tunnel

    • Agent

  • You must have access to the BlackDuck API for the API Connector. See Determine Appropriate Access below.

Determine Appropriate Access

Create an access user with the appropriate level of access to projects that you want imported into Cisco Vulnerability Management.

1. As an Administrator, in the UI go to the “hamburger menu” in the top-left corner and select Administration > User Management > Create User.

2. Do one of the following:

  • If you want Cisco Vulnerability Management to have access to all of your projects' vulnerabilities, grant the new BlackDuck user the Global Project Viewer role.

  • If you want Cisco Vulnerability Management to have access to the vulnerabilities of only certain projects, click Add Project and, in the Project field, begin to type the name of each project that you would like this user to have visibility into. Auto-complete suggestions matching available projects will be provided. You can enter multiple project names in this field.


Configuring your Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Open Source section, click BlackDuck Hub.

4. On the Black Duck Hub screen, enter the following information:

  • Name: Enter a name for the connector, or leave it as Black Duck Hub.

  • Username and Password: Enter the credentials for the account you want to use.

  • Host:
    If your host is static, enter the IP address and the port number.
    If your host is dynamic, enter the DNS name and port number.

  • Schedule: Select the frequency that you’d like your Connector to run. (Cisco recommends mirroring the cadence of your BlackDuck scans.)

  • If your deployment is on-premises, you must select either the Use Virtual Tunnel or Use Agent checkbox, depending on which of those you have deployed in your environment. The checkbox is displayed below the Asset Inactivity Limit field.

  • Asset Inactivity Limit: Enter a time in days for the connector-level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.

5. Click Save and Verify.

 

Using Reports

When extracting data from BlackDuck to import into Cisco Vulnerability Management, you have three report options: Vulnerability Status, Vulnerability Remediation, and Vulnerability Update. The report required for your connector is the Vulnerability Status report.

Exporting Reports

When using the JSON Connector (File Based), you will need to export a report.

  1. Log in to BlackDuck as the user you created above with the appropriate level of Report access.

  2. Go to the “hamburger menu” in the top-left corner of the UI and select Reports.

  3. Select Create New Report.

    1. Choose Report Type: Vulnerability Status Report

    2. Choose Report Format: HTML

  4. Wait for the Report to be processed.

  5. Once available, click the report to view it in your browser.

  6. From your browser’s File menu, choose Save As. Alternatively, you can press CTRL + s on your keyboard (Command + s on Mac).

  7. To successfully export a JSON file using the UI, you must adjust the name of the report being saved. Instead of Black Duck.htm, change the file extension to end in .json.htm. The resulting file will contain the JSON results of the Vulnerability Status Report.

  8. Log into Cisco Vulnerability Management and go to Connectors.

  9. If you do not already have a BlackDuck JSON Connector, create one.

  10. Upload the file from Step 7 by dragging it to your BlackDuck JSON Connector in Cisco Vulnerability Management.

 

What BlackDuck Items does Cisco Vulnerability Management Import?

| BlackDuck Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| versionSummary > projectName | Application Identifier | Search for application_identifier in Cisco Vulnerability Management by using the custom query box and typing application:"" |
| versionSummary > project.identifier | Asset External_id | |
| Any of the following: 'Patched' OR 'Duplicate' OR 'Ignored' OR 'Mitigated' OR 'Remediation_Complete' | vulnerability Status = Closed | We do not map false positives or triage states. If an item has any of the statuses in the BlackDuck Field column, Cisco Vulnerability Management will mark the vulnerability Closed. |
| absence of status = ('Patched' OR 'Duplicate' OR 'Ignored' OR 'Mitigated' OR 'Remediation_Complete') | vulnerability Status = Open | |
| doc.score | scanner_score | Range: 1-10. Informational - 0, Low - 3, Medium - 6, High - 9 |
| vulnerability.id | Vulnerability Title / Name | |
| Black Duck Security Advisory | BDSA-##### | Any Black Duck security advisories that are not correlated with CVEs, CWEs, or WASC-IDs will be imported as unique BDSAs. |
| cwe_id | CWE | |
| wasc_id | WASC-ID | |
| cve_id | CVE Raw Data | |
| report.generated_at | Found On | Black Duck does not pass timestamps in the report, thus Cisco Vulnerability Management generates a “report Generated at” timestamp for every connector run. Any data that is seen for the first time is Found On the earliest date-time referenced. |
| report.generated_at | last_seen_time & vulnerability_last_seen | Black Duck does not pass timestamps in the report, thus Cisco Vulnerability Management generates a “report Generated at” timestamp for every connector run. Any data that is seen in our most recent report will be updated with its last_seen information. |
| doc.description | Description | |

 

After the Black Duck reports are pulled, Cisco Vulnerability Management generates a master document. Any item that is mapped from doc. refers to that master document; this does not necessarily represent the field name in Black Duck.

 

Optional Settings

The following settings can be enabled on the backend for BlackDuck Hub Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

Exclude Informationals

When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.
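The field mapping in the table above, the Closed/Open status rule, and this Exclude Informationals filter, as an added example (not Black Duck's or Cisco's own code). It assumes a constructed record layout for the saved Vulnerability Status report; the report's real JSON structure is not documented on this page, so the keys below are illustrative. It also rejects a file that was saved as HTML instead of JSON, which is the failure a mis-named export produces.

```python
# Added example (not Black Duck's or Cisco's own code): applies the documented
# field mapping to records from a saved Vulnerability Status report, and rejects
# a file saved as HTML instead of JSON.
# ASSUMPTION: the record layout below is constructed for illustration; the
# actual JSON structure of the Black Duck report is not documented on this page.
import json

# Statuses the page maps to "Closed"; any other status (or none) maps to "Open".
CLOSED_STATUSES = {"Patched", "Duplicate", "Ignored", "Mitigated", "Remediation_Complete"}

# Constructed sample export (assumed layout, placeholder identifiers).
SAMPLE_REPORT = json.dumps({
    "versionSummary": {
        "projectName": "payments-api",
        "project": {"identifier": "project-id-placeholder"},
    },
    "items": [
        {"vulnerability": {"id": "CVE-0000-0001"}, "cve_id": "CVE-0000-0001",
         "cwe_id": None, "wasc_id": None, "score": 9.0, "status": "New",
         "description": "constructed sample finding"},
        {"vulnerability": {"id": "BDSA-PLACEHOLDER-1"}, "cve_id": None,
         "cwe_id": None, "wasc_id": None, "score": 6.0, "status": "Patched",
         "description": "advisory with no CVE/CWE/WASC correlation"},
        {"vulnerability": {"id": "CVE-0000-0002"}, "cve_id": "CVE-0000-0002",
         "cwe_id": "CWE-79", "wasc_id": None, "score": 3.0, "status": "Mitigated",
         "description": "constructed sample finding"},
    ],
})


def load_report(text):
    """Parse the saved report. A file saved with a plain .htm name holds HTML,
    not JSON, and is not in the format the JSON connector expects."""
    stripped = text.lstrip()
    if stripped.startswith("<"):
        raise ValueError("file is HTML, not JSON; save it with a name ending in .json.htm")
    return json.loads(stripped)


def map_status(status):
    """Patched/Duplicate/Ignored/Mitigated/Remediation_Complete -> Closed; otherwise Open."""
    return "Closed" if status in CLOSED_STATUSES else "Open"


def map_score(score):
    """scanner_score: the page documents 0 (Informational) through 10."""
    if not 0 <= score <= 10:
        raise ValueError(f"score out of documented range: {score}")
    return score


def map_item(item, summary, exclude_informationals=False):
    """Map one report item to the Cisco Vulnerability Management fields.
    With exclude_informationals set (the optional backend setting), items
    lacking a CVE, CWE and WASC ID are dropped and None is returned."""
    has_id = any(item.get(k) for k in ("cve_id", "cwe_id", "wasc_id"))
    if exclude_informationals and not has_id:
        return None
    return {
        "application_identifier": summary["projectName"],
        "asset_external_id": summary["project"]["identifier"],
        "title": item["vulnerability"]["id"],
        "status": map_status(item.get("status")),
        "scanner_score": map_score(item["score"]),
        "cve": item.get("cve_id"),
        "cwe": item.get("cwe_id"),
        "wasc_id": item.get("wasc_id"),
        "description": item.get("description"),
    }


def map_report(text, exclude_informationals=False):
    """Validate the export and return the mapped vulnerability records."""
    report = load_report(text)
    summary = report["versionSummary"]
    mapped = (map_item(i, summary, exclude_informationals) for i in report["items"])
    return [m for m in mapped if m is not None]


if __name__ == "__main__":
    for rec in map_report(SAMPLE_REPORT):
        print(rec["title"], rec["status"], rec["scanner_score"])
```

Running `map_report` over the constructed sample yields one Open and two Closed records; with `exclude_informationals=True` the BDSA record that carries no CVE, CWE or WASC ID is dropped, which is the behaviour the Exclude Informationals setting is described as having.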

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Custom Ordered Locators

Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

 

Common Reasons for BlackDuck Hub Connector Run Failures

  • Bad credentials. If you enter incorrect connector credentials during connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
  • If no reports are found, Cisco Vulnerability Management will abort the Connector run rather than fail it outright.
  • An API call fails (because no data is available, or for other reasons).
  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.

Additional Assistance

Contact Support if you require any additional assistance with the BlackDuck Hub Connector.
